server {
  listen 443 ssl;
  server_name mydomain.com;
  ssl_certificate /path/to/fullchain;
  ssl_certificate_key /path/to/key;

  ssl_session_timeout 24h;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

  location / {
    proxy_pass https://registry-1.docker.io;
    proxy_set_header Host registry-1.docker.io;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering off;
    proxy_set_header Authorization $http_authorization;
    proxy_pass_header  Authorization;
    proxy_intercept_errors on;
    recursive_error_pages on;
    error_page 301 302 307 = @handle_redirect;
  }
  location @handle_redirect {
    resolver 1.1.1.1;
    set $saved_redirect_location '$upstream_http_location';
    proxy_pass $saved_redirect_location;
  }
}
最后修改:2024 年 07 月 17 日
© 允许规范转载
如果觉得我的文章对你有用,请随意赞赏